New PDPA Guidelines Following Local Bank Breach

StaffOnDemand Blog

Recently, The Middle Ground, an online news website published an article on dumpster-diving in the Central Business District and what they discovered in the process.

The team chanced upon a bag full of documents sitting under a tree along the street at Boat Quay, which seemed to be documents from a nearby bank. Their finds were astounding; Sales plans, bank statements, passport photocopies, phone bills and cross-sell project plans, alongside with personal details like the person's address, phone number, and full name,etc.

The article prompted the Monetary Authority of Singapore (MAS) to launch an swift investigation involving a local bank, and the authority spokesperson added that it will take action against banks that do not safeguard the confidentiality of customer information and will be working with the Personal Data Protection Commission (PDPC) to review the matter.

PDPC, Singapore privacy watchdog, then released new advisory guidelines on disposal of personal data on physical medium.

Here are the key highlights in the guidelines to note when handling personal data that are kept on physical medium (e.g. paper):

Data Protection Extends To Copies


During the entire life cycle, personal data must be protected. This does not apply only to the original data set, but also to any copies, print outs, and transformations.

Disposal of personal data is therefore not just about the main document but about each and every copy of such document when the data is not needed anymore.

Incomplete disposal can lead to data breaches

Uncontrolled disposal of paper without destruction may lead to recovery of documents through ‘dumpster diving’ (e.g. sifting through physical waste or recycling containers for items that have been discarded, but are still of value or covered by regulation).

For personal data stored on paper, proper disposal or destruction usually refers
to putting the paper through one or more of the following processes :

  • Incineration (or burning): reduces paper to ashes;
  • Shredding: cuts paper in a way that makes it reasonably difficult, or even impossible, to reassemble the pieces in order to reconstruct (a substantial part of) the information, but allows for the paper to be recycled as long as the pieces are not too small; or
  • Pulping: paper is mixed with water and chemicals to break down the paperfibres before it is processed into recycled paper

Personal Data Protection of Job Applicant Data

As part of the interview / candidate review process, it is common for employers to print out copies of the applicants' resumes and application forms for the convenience of the interviewers. A concern that may then arise, is the handling of these documents post interview - Will the reviewer simply dump the resume and ensuing personal data into the physical trash bin and end up being leaked to external parties with malicious intent?

Save the Trees, And Protect Personal Data at the Same Time (The 'No Paper' Approach)

Using StaffOnDemand, you can do away with the need for paper resumes and application details effortlessly.

Review / Shortlisting Applicants

Include relevant hiring managers in your hiring team for the job - They will only be able to access applicants for the job that they are reviewing for, and can shortlist the applicants easily within the same platform.

Candidate Interviews

If you have arranged for an interview and would like to reference the candidate's resume before or during the interview, simply click on the scheduled applicant to view his/her resume, cover letter, without needing to print them out.

Review Notes on Candidate's Interview

Need to take down interview notes and feedback? Do that digitally and have it automatically tagged to the applicant for future reference by simply clicking on the review tab and pen away!

Sources:

Is that your bank loan application in the trash? | 17 June 2016, The Middle Ground
http://themiddleground.sg/2016/06/17/trashure/

MAS probes case of UOB's unshredded client data | 19 July 2016, The Business Times
http://www.straitstimes.com/business/companies-markets/mas-probes-case-of-uobs-unshredded-client-data

Dumping paper with personal info? Shred it, says watchdog | 21 July 2016, Straits Times
http://www.straitstimes.com/singapore/dumping-paper-with-personal-info-shred-it-says-watchdog

Guide to Disposal of Personal Data On Physical Medium | 20 July 2016, Personal Data Protection Commission
https://www.pdpc.gov.sg/docs/default-source/other-guides/guide-to-disposal-of-personal-data-on-physical-medium-(200716).pdf


Image Credits:
Header image adapted from Vectoreezy